UPDATE: A previous version of this story inaccurately stated that Horizon Blue Cross Blue Shield of New Jersey was not providing free credit monitoring to those affected by the breach.
On November 4, someone broke into the offices of Horizon Blue Cross Blue Shield of New Jersey and stole two laptops containing the sensitive information of more than 800,000 members.
The medical insurance provider claims that the machines were locked to an employee workstation inside Horizon’s Newark headquarters but that cable-locks were not enough to prevent the theft. Horizon Blue Cross Blue Shield New Jersey said that the laptops are password protected but also admitted that they had failed to encrypt them.
The insurance provider says that the stolen machines may have contained member names, addresses, dates of birth, Horizon Blue Cross Blue Shield of New Jersey identification numbers, Social Security numbers, and clinical information.
As is so often the case when an organization exposes the sensitive information of its customers, Horizon Blue Cross Blue Shield of New Jersey claims that they have no reason to believe that the thieves targeted the stolen laptops because of the information stored within them.
“Due to the way the stolen laptops were configured, we are not certain that all of the member information contained on the laptops is accessible,” the company said in a press release. “We have been working with law enforcement, but to date, have been unable to locate the laptops.”
The company says that it began contacting those individuals potentially affected by the breach on December 6. The insurance provider confirmed that they will also provide free credit monitoring services to all those potentially affected by the breach. It has set up a dedicated hotline though and is urging customers that believe they may have been impacted to contact them immediately if they have not yet received a letter from the company.
“To help prevent something like this from happening in the future, we are strengthening our encryption processes and enhancing our policies, procedures and staff education regarding the safeguarding of company property and member information.”